-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7781 from ckan/7409-secret-consolidation-followup
- Loading branch information
Showing
8 changed files
with
82 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
Starting from CKAN 2.11, the :ref:`SECRET_KEY` configuration option is required to start CKAN. This is the secret token that is used by security related tasks by CKAN and its extensions. Previous CKAN versions relied on the ``beaker.session.secret`` config option for this. | ||
The ``ckan generate config`` command generates a unique value for this option each time it generates a config file. Alternatively, you can generate one manually with the following command:: | ||
|
||
python -c "import secrets; print(secrets.token_urlsafe(20))" | ||
|
||
Note that all the following secret configuration options will fallback to the ``SECRET_KEY`` value if not defined in your ini file: | ||
|
||
* :ref:`beaker.session.secret` | ||
* :ref:`beaker.session.validate_key` | ||
* :ref:`WTF_CSRF_SECRET_KEY` | ||
* :ref:`api_token.jwt.encode.secret` | ||
* :ref:`api_token.jwt.decode.secret` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
import pytest | ||
|
||
from ckan.lib.api_token import _get_secret | ||
|
||
|
||
@pytest.mark.ckan_config("SECRET_KEY", "super_secret") | ||
@pytest.mark.ckan_config("api_token.jwt.encode.secret", None) | ||
@pytest.mark.ckan_config("api_token.jwt.decode.secret", None) | ||
def test_secrets_default_to_SECRET_KEY(): | ||
assert _get_secret(True) == "super_secret" # Encode | ||
assert _get_secret(False) == "super_secret" # Decode |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters